Service Organization Control (SOC) reports have become more and more important to the world of information security and compliance since being introduced by the American Institute of CPAs (AICPA) in 2011. This is particularly the case for SOC 2, which focuses on availability, confidentiality, privacy, processing integrity, and security as its trust services criteria or Read more…

Which security baseline do you need under the Federal Risk and Authorization Management Program (FedRAMP)? Is it low, moderate, or high? While choosing to utilize cloud services has the added benefits of flexibility, increased collaboration, and lower upfront investments, it can also bring about increased risks, and for that reason, the US federal government has Read more…

Last April 2016, the European Union (EU) Parliament adopted the General Data Protection Regulation (GDPR) to replace the now defunct Data Protection Directive 95/46/EC. GDPR was put in place to bolster and consolidate data protection in the EU and is not only applicable to companies located within the EU, but also to those outside its Read more…

While recent years have seen a spike in new forms of cyber attacks that increasingly threaten not only governments but also companies, information security management just got a recent boost. On May 11, 2017, US President Donald Trump signed an executive order meant to fortify federal government cyber security measures and guard critical infrastructure from Read more…

While cloud solutions have made it possible to make computer systems more efficient and effective, the federal IT infrastructure has had a hard time adopting this innovation. Saddled by redundant, time-consuming, costly, and inefficient systems, the federal government has found it hard to secure its IT systems without throwing hundreds of millions of dollars down Read more…

Performing a risk assessment is a central part of the ISO 27001 process directed to implementing an ISMS (Information Security Management System). How could you protect any sort of environment without being fully aware of impending threats, the exposition level, and variables such as the likelihood of occurrence and estimated level of impact? Understanding all Read more…

From an information security management point of view, complying with the required laws, regulations and contractual obligations can be as much of a challenge as dealing with the ever-evolving threat landscape and new forms of attacks.  What many organizations fail to understand is that both are equally important. Mandatory requirements can come in the form Read more…

If there is one thing the last couple years have made clear, it is the lack of respect towards personal data privacy. From companies with inadequate security controls leading to improper management of sensitive information to businesses making a profit by selling clients’ information and even government agencies that like to play big brother. At Read more…

The adoption of a corporate-wide compliance program is one of the most demanding projects you may undertake. Furthermore making the most of time-consuming tasks such as controls implementation, requires not only the experience and knowledge but also a holistic approach at the design level. Every organization is different.  Standards were created keeping in mind that Read more…

In our ever changing technological and corporate environment, it is only natural for standards and best practices to receive regular updates that try to both accommodate corrections and improvements. That is what just recently happened to the American Institute of Certified Public Accountants criteria for the Trust Services Principles (TSP) by releasing a SOC 2 Content Read more…